Two DeFi protocols, Ink Finance and Renegade, have lost a combined $349,000 in separate exploits that occurred in less than two days. Renegade, which raised around $3.4 million in a 2023 seed round led by Dragongly Capital, currently holds over $129,500 in total value locked across its Base and Arbitrum deployments, according to DefiLlama . The protocol held over $338,000 before the hack. Renegade’s TVL dropped sharply after the May exploit. Source: DeFiLlama. Ink Finance has not acknowledged or released any public statements on the exploit. The latest exploits are being seen as an extension of the streak of attacks that made April 2026 the worst month on record for smart contract losses. Ink Finance and Renegade suffer exploits Ink Finance’s exploit was flagged by blockchain security firm Blockaid on May 11. According to Blockaid, the attacker drained approximately $140,000 from the protocol’s Workspace Treasury Proxy contract on Polygon. The bad actors deployed a contract at an address matching a whitelisted claimer entry in Ink Finance’s Workspace controller, then called the claim function to pass the eligibility check and trigger an authorized transfer from the treasury proxy. Renegade, the dark pool DEX, suffered its own exploit the previous day, May 10. Confirming a post by Blockaid, the protocol stated that a legacy V1 deployment on Arbitrum was exploited for approximately $209,000. It informed the public that the white hat has already returned around $190k and added that all affected users will be made whole. Renegade confirmed that the vulnerability was isolated to the V1 Arbitrum deployment and did not affect its other contracts. Syndicate bridge losses add to the toll The two exploits follow a string of incidents that began in late April. On April 30, Syndicate Labs announced it had suffered a security incident. This was a private key compromise that enabled malicious upgrades to bridge contracts on two chains, and resulted in the loss of around 18.5 million SYND tokens and $50,000 in other tokens. On May 10, Syndicate stated that it had reimbursed all affected SYND holders on Commons Chain in full, plus an additional 15% of the total amount lost. The reimbursements were sent directly to affected wallets on Base, with gas fees covered by Syndicate Labs. AI-assisted attacks raise the stakes DeFi exploits are on the rise at a pace never seen before. There is growing evidence that AI tools are being leveraged to lower the barrier for attackers. An a16z Crypto research discovered that an off-the-shelf AI coding agent, given only a contract address and basic developer tools, could independently identify and exploit smart contract vulnerabilities 10% of the time. The success rate went up seven times to 70% when the agent was provided with structured knowledge about common attack patterns. GoPlus Security reportedly flagged four separate smart contract exploits on Ethereum mainnet within a 48-hour window ending April 29, with combined losses exceeding $1.5 million, per the same report. The firm sees the current pace of AI-assisted attacks as a “countdown-by-the-second era.” If you're reading this, you’re already ahead. Stay there with our newsletter .
